Get currently logged-on Active Directory user from a C# web page (IIS incl)

Question

We are building an intranet for a client, the client doesn't want the users to log on, as they have already logged onto the domain (Active Directory)

But they do want to know the AD username of each user so that if they post on the blog, their identity can be recorded.

Our thinking so far has been, that our web.config file should say:

<identity impersonate="false" />

so that each user browses the intranet site as themselves and not the App Pool user configured in IIS.

Would this be the right way to go about it?

If so, what IIS authentication should we be using? NOTE: we are not authenticating the user, so we don't want the logon prompt, all users will already have logged onto the domain, we just want to see their username.

Is this even possible? And are we on the right track?

In C#, we can retrieve the username like this:

System.Web.HttpContext.Current.Request.LogonUserIdentity.Name.ToString()

but we just can't find an IIS authentication setting that will not prompt a domain/network login.

Answer 1

You need to turn on windows authentication. After you did that, the identity token will be passed to the server as I remember, and you can manage the authentication with that. Also note that only Chrome and IE supports this fully, Firefox will ask at least for pressing an ok button before authenticating the user. Other thing to note is the set the trust levels correctly in the browser, or it wont do the automatic authentication.